Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@mindgrub/mindgrub-react
Advanced tools
React tools
This repository contains general-purpose functions for use with React and React DOM.
The library assumes that react and react-dom are available at runtime.
The module is intended to be used with Rollup as a packaging tool, and no particular effort is made to scope the content by subject matter (beyond the dependency on React).
The library is written in TypeScript and includes type definitions.
For additional notes, see the mindgrub package.
Assumptions
This library is 99% environment agnostic. However, it is compiled with the
dom lib because of one reference to window.requestAnimationFrame in
withAsync.tsx. In that particular case, the same effect could probably be
achieved by changing it to global.setImmediate, which does not assume a
browser environment.
However, more consideration would be required before these functions could be deemed “isomorphic,” i.e. supporting server-side render. So for the moment this l ibrary makes a de facto assumption that it is used in a browser.
Code formatting
This codebase uses prettier as a formatter, and includes
a Gitlab CI step to verify this on commits. If you use editor integration
to get format-on-save (recommended), then no additional steps are necessary.
But you can also run npm format before committing to validate.
Keywords
FAQs
A collection of typed, functional React utilities.
The npm package @mindgrub/mindgrub-react receives a total of 0 weekly downloads. As such, @mindgrub/mindgrub-react popularity was classified as not popular.
We found that @mindgrub/mindgrub-react demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Aug 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025